Topic: Mac attack (Read 13452 times)

In 2011, Intego’s Malware Research Team discovered OSX/Flashback.A, a trojan horse that used social engineering to trick users into installing a malicious Flash player package. Then in early 2012, Flashback spread to infect up to 600,000 machines, as new variants were using Java exploits and drive-by downloads. Today, our latest research shows that the Flashback botnet is adrift and still in the wild.

Once installed on a Mac, Flashback created a backdoor, allowing it to take almost any activity on the infected machine. Users with infected Macs are at risk of being exposed to an almost limitless variety of malicious actions, as hackers can access infected Macs and snoop on the user, copying usernames and passwords, and more.

Now in 2014, it appears the Flashback botnet is silently adrift and still in the wild.

Beginning January 2, we studied those domains and our sinkhole servers recorded all connections from Macs where Flashback is still active and trying to contact the C&C servers.

After recording for five days, we counted at least 22,000 infected machines. As of this morning, we counted 14,248 unique identifiers of the latest Flashback variants.

Intego strongly encourages all Mac users to verify that their machine is not infected with Flashback.

Let's hope this malware reminds OS X users of a few simple truths that some Mac fans still seem willing to ignore:

• Mac malware is unusual, but not impossible.
• Data thieves are interested in what Mac users have on their computers.
• Mac malware doesn't have to ask for a password before running.
• Mac malware can run directly from a download without an installation step.
• Bots and RATs are particularly pernicious because they can update and adapt their behaviour after you are infected.

Users of Apple's OS X operating system are being warned to take care when browsing online as they wait for a solution to a security flaw.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It relates to the way secure connections are made between Apple's Safari browser and websites, including banking sites, Google and Facebook.

These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."

He advised users to take care when using the web and consider using an alternative browser to Safari until the problem was fixed.

He also urged users of Apple's mobile devices to upgrade to the latest iOS version as soon as possible and for OS X users to keep their eyes open for a security update and to implement it as soon as it was available.

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system...

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support.

The average Apple Mac user encountered nine cyber threats during 2014, according to new research from antivirus and internet security company Kaspersky Lab, with a total of 1,499 new malicious programs for Mac OS X detected during the year – 200 more than in 2013.

According to Kaspersky's Security Bulletin for 2014, every second user of Kaspersky Lab's products for Mac OS X was exposed to a malicious attack, with a total of 3,693,936 infection attempts blocked.

Almost half of the top 20 Mac threats identified were occupied by AdWare programs, which automatically render advertisements on victims' computers in order to generate ad impressions and ultimately revenue for the author of the AdWare.

As a rule, these malicious programs arrive on users' computers alongside legitimate programs if they are downloaded from a software store rather than from the official website of the developer.

Among the other Mac threats detected were:

• A software backdoor that provides the fraudster with remote access to the system and at the same time steals contact lists to find new victims
• A malicious program which makes screenshots every minute
• A Trojan spy with a hidden remote control function that intercepts keystrokes
• A malicious program designed to steal bitcoins for OS X
• A piece of malware that attacks not only Mac-based computers but iOS-based devices connected to them to steal data

"Over the past few years, we’ve discovered more and more malicious samples targeting Mac devices. Yet, there still remains a common misconception that Mac OS X is safe from malware and viruses," said David Emm, principal security researcher at Kaspersky Lab.

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts, that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Lead researcher Luyi Xing told El Reg he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing.

Many users will see references to an application called MacKeeper on various web sites and via pop-ups on their browser. Not only is it expensive for what it purports to do (freeware applications that do the same or more are readily available), it can sometimes install itself without the user realising it, and it can be very tricky to get rid of.

MacKeeper has been described by various sources as highly invasive malware that can destabilize your operating system, adding that it is unethically marketed, with a history of making false advertising claims... and a rip-off.

There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problems, but more likely a technical problem unrelated to any malware threat.

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

You can bypass Apple's space-age security and gain administrator-level privileges on an OS X Yosemite Mac using code that fits in a tweet.

Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability.

This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5. If you upgrade to the El Capitan beta (OS X 10.11), you'll be free from the vulnerability as Apple has already fixed it in that preview beta. Once again, if you keep up with Cupertino and install (or buy) the very latest stuff, you'll be rewarded.

Security researchers have found a vulnerability that would let them take control of Apple’s Mac computers and spread to other computers.

Apple’s computers have long been said to be much more secure than PCs, and for a long time were advertised as not being able to get viruses. But the researchers claim to have created the first attack that would be able to spread from computer to computer, taking control of them as they go.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Xeno Kovah, one of the researchers who designed the worm, told Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

The threats are known to Apple, Mr Wardle said, but the company has not yet commented on the research.

While Windows is still overwhelmingly attackers' platform of choice, antivirus firm Kaspersky Labs recorded a surge in Apple malware in the past couple of years.

"I'm convinced that OS X security is lacking." "It's trivial to write new OS X malware that can bypass everything."

Mr Wardle had strong criticisms of Apple's built-in antivirus program, XProtect. The software, which detects and blocks known malware, warning the user in the process, could be tricked by essentially renaming the malware.

The researcher also tested various different paid antivirus products on the market, and concluded that they suffer similar problems as XProtect.

Apple Keeps Leaving Macs Open To Malware -- But Whitehat Hackers Have Your Back

Apple employed a Gatekeeper for its Macs to do one job: keep unsigned, unverified software out. It might be time to fire Gatekeeper, or hire a new one, as its failures have again been shown up by Patrick Wardle, ex-NSA staffer and head of research at bug hunting firm Synack.

In September last year, Wardle took advantage of a flaw in Gatekeeper that allowed unsigned malicious apps to execute. Wardle noticed Gatekeeper only checked the signature of the first application that was executed by the user. If this verified application executed another slice of code, the latter was not checked by Gatekeeper and could pass through unsigned. By uncovering several Apple-signed apps that once executed would look for other files to launch, he could complete the attack. In his proof of concept, he packaged both the Apple-signed and unsigned, malicious code into one seemingly legitimate download.

The malicious file could do anything an attacker wanted, such as spy on the user, steal passwords or record Skype calls. To fix this, Apple simply blacklisted the files Wardle abused. This wasn’t effective at preventing attacks. Wardle could simply find other Apple-signed code that let him do the same, which he duly did. “It took me two minutes to get round their patch,” said Wardle.

Apple Macs targeted by KeRanger ransomware for first time

Experts say some Macs may have their files encrypted on Monday if the computer has been infected

Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks have revealed.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

The good news is that Apple issued fixes for the problem earlier this week. If you have already updated your systems to iOS 9.3.3, tvOS 9.2.2, watchOS 2.2.2, and El Capitan v10.11.6 then you have done the right thing.

Apple has now quietly rolled out a further security update revealing that the zero-day flaws are also present in Apple's OS X desktop operating system, as well as the desktop version of their OS X Safari browser.

My advice to Apple users? Make sure that your Macs, MacBooks, iPhones and iPads are up-to-date.

Malware installs Signal as part of scheme to steal Mac users' banking credentials

A harbinger of ported threats to come for Mac users?

New Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials.

The threat, which goes by the name OSX/Dok, uses phishing mail laden with a malicious application as its attack vector. Those who crafted this campaign purchase Apple certificates (US $99) to sign their malicious application. Such willingness helps the malware bypass Gatekeeper's ever-watchful gaze.